Strictly speaking, you forgot that it's $99 per year
Yes that's true.
and you forgot the cost of the mac you need to build the app.
I already had one.
You can build an android app on nearly any platform.
So of course you need to have a PC of some sort, if you want to run arbitrary code and you already have a PC but it isn't a Mac and you don't want to buy a Mac and don't know somebody that could build the binary for you on their Mac then obviously buy an Android device, the options are all there. I'm not advocating for one over the other but clearly if the cost is too much for you then by all means go for Android.
If all you want to do is tinker with android, the cost is zero - the one-time fee only applies when you want to publish the app.
This is all nice in theory but if it were actually a legitimate issue then I would think we should see a LOT of innovation on Android relative to iOS simply because of the supposed hurdles to develop for iOS. Assuming this cost is such a significant barrier to entry we should be seeing some negative effect, where is it?
I often see this barrier to entry issue paraded as a disadvantage of iOS so it should be seen as an advantage to Android but are the benefits actually anything more than theoretical?
Android will refuse to run unsigned apps - they MUST have a signature, though there is no certificate authority they have to go through.
Right well "signed by anybody" isn't that much different from a code safety perspective than unsigned code, you still have to trust who it is signed by and while they might not be able to modify existing apps we can see that from the malware examples on Android (even though I don't believe that many are particularly widely circulated) that this doesn't make much of a difference in terms of their ability to be malicious.
But, apps with differing signatures can't interfere with one another.
The protections in modern Windows and OS X offer the same thing unless you start running things as administrator, and if you have root access on any system you get pretty much free reign to do whatever you want anyway.
Wrong again; Apple already has made a major slipup.
The one you refer to was a research project, it's hardly a "major slipup" (I'm sure platform fanboys would like it portrayed that way but I don't have a religious devotion to any technology platform), in fact it had exactly zero impact on anybody, period.
And of course, that is only what's known. Apple users assume that everything they do is 100% secure once vetted by Apple, but they couldn't be more wrong.
No i don't think that's true at all, I guess I'm an Apple user (amongst Windows, Android and Gentoo) and I pointed out that whilst they are very good they are not perfect, which is the same as Google with the Play Store.
Generally if you live in a first world country, malware on Android isn't a problem in the slightest.
Obviously if you restrict yourself to the Google Play store it is very much the same thing as using an iOS device which is restricted to the Apple App Store. But that negates the biggest advantage of Android.
Neither is inherently more secure, it comes down to flexibility and if you provide the freedom to do whatever the user wants and they take it then - just like on desktop systems - the user needs to take on additional responsibility, which they usually aren't capable of or willing to do. You will only get more safety for the userbase if they take on that responsibility and act on it or you restrict them. The nice thing is we - as users - have the choice:)
But the question remains, if install base in the USA is roughly 50/50, why are 99% of the mobile threats Android only.
Well the way I see it there are a number of contributing factors, Android has a much higher marketshare globally (restricting it to the US is silly because malware writers don't restrict their software geographically) so it is a larger target and it also allows installation of applications outside of Google Play. Apple disallows that and seems to do a pretty good job of curating their app store, getting malware past an app store curator is a hurdle that doesn't exist on Android hence iOS has less malware targeted at it. So it's simple: path of least effort combined with largest userbase.
Android devices do get regular updates direct from Google via Play, including security fixes.
But are those updates limited to Google Play Services or can they patch kernel and driver vulnerabilities or say the bluetooth, input or usb packages for example?
I can imagine that credit card details of someone living in the USA is more useful than say someone living in Mexico (which I actually do).
Of course but I doubt they would go to the effort of limiting malware to the USA to exclude Mexico just because those card numbers may not be as valuable. Do you have evidence of them doing this?
But since it's roughly 50/50 in the USA why aren't the attacks in the USA also not 50/50?
Maybe they are. I can't say I have seen any such statistics and I certainly can't understand why malware writers in general would target only a specific geographic area or even how they would limit it to that area.
I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.
Personally I'm not that fussed about it, I can either jailbreak my device or shell out $99 (which includes the ability to publish and share my software with others) if I really want to do that. Either way it's no big deal.
Malware for Android is no different from malware for Windows or for OS X, the bulk of it is due to being able to run any code you want (where unless you wrote it you probably don't know what it does) and most people will just click through warnings about unsigned code, virtually none will ever vet any code ever. If you take the precautions to only run binaries from reputable sources or to compile from source yourself (nobody does that outside of a few geeks) from a reputable repo then you should be ok...but then again the heartbleed bug shows that isn't the case all the time either.
The flip side of that is that on iOS you place all your trust in Apple to make sure that they vet code properly, by and large they do a pretty good job of that but that isn't to say they couldn't have a major slipup (in the style of goto-fail) in the future. With the freedom to run any code comes the responsibility to vet that code (whether that is the source - as in where it came from - of the binary or the sourcecode itself) and most users are not up to that challenge or just cannot be bothered and so malware persists.
If Android tablet sales are so far ahead, why are Android tablet use figures so far behind?
You shouldn't blindly rely on statistics just because they are on the internet, these guys have a pretty spotty record and they provide no methodology nor do they seem to be very consistent or believable in terms of their statistics:
For example, last May Chitika breathlessly reported that OS X usage was up 2.58% month over month (from 11.44% to 14.02%), while Windows usage was down 2.99%. There was no reason for the dramatic shift; it just happened. But one month later Windows usage increased dramatically while Mac usage was down significantly. Meanwhile, in the month of July, Chitika reported that half of all Linux users abruptly stopped using their preferred operating system, with Linux share dropping from 2.05% to 1.12%. http://www.zdnet.com/why-you-should-be-skeptical-of-chitikas-market-share-reports-7000009363/
It's all well and good to post a link to a pretty picture that supports your argument but there needs to be something to back that up.
You say the existing teachers deserve it (I'm not disputing that, though I think 600,000-800,000 is a bit hefty) but why would they do any better job just because you pay them more? Do you do your job to a capacity determined by your salary? Do you do a better job if you get a payrise? Or do you just do a crappy job until somebody gives you more money?
Increasing salaries will only work to attract talent if existing teachers are all just doing a shitty job, but reducing class sizes and workload increases the appeal of the job and increases job satisfaction so funding more positions rather than fewer positions more highly is obviously the preferable route. If we could give everybody an order of magnitude pay rise that would be nice but you know that's idiocy, nurses, paramedics, taxi drivers, garbage men, etc... have to deal with a lot of shit and aren't very highly paid at all. But I guess you have an interest in teachers having higher pay and don't care about anybody else or where that money should come from.
it's absolutely ridiculous, from a free market capitalist perspective, to expect to get the best people for a fraction of what they typically can earn in other fields
you pay teachers more for the same reason you pay NBA players or Goldman-Sachs VP's...you fsking moron...this is the end of this conversation...I've proven you wrong
Bullshit, you demonstrate your utter ignorance by suggesting the only way to get better people is to increase wages, this is patently false you braindead imbecile, obviously you have no experience in the realworld so your suggestion that this conversation is over and that you fuck off is a pretty good idea. Improving wages will not necessarily result in getting better teachers just as corporate VPs with larger salaries aren't necessarily any better than those with lower salaries, but of course you think the higher paid somebody is the better they are at their job.
Improving working conditions and reducing work load so that teachers are not so over-worked will have an impact, not increasing wages, overworked teachers with higher salaries is not going to improve the education system one bit, but obviously you think everything is driven by the dollar and simply giving more money will result in a better system.
That's you projecting because your stance is unjustifiable.
Wrong, I'm not projecting anything and I don't know what you think my "stance" is.
This isn't hard: attracting top talent requires good pay, same as any other profession
So the problem is the teachers, not the system.
and students perform better with smaller class sizes and more teacher-hours per pupil, instead of more pupils per teacher. Which requires....wait for it...more money than skinflint social darwinists have been willing to spend.
Yeah it's totally not like they spend over a trillion dollars on education per year...but you just blame the teachers while demanding they be given more money rather than considering that perhaps there is a lot of mismanagement going on.
Yes and again, you wouldn't touch this shitty job unless it paid six figures.
Wrong, unlike you I'm not totally driven by money. But obviously that's what you are totally consumed by which is why the only way you can come up with to fix things is to give more money to the teachers which you have already suggested are the problem anyway.
And how exactly will that help? Is it that all existing teachers are just bad at their job and need to be replaced with competent ones? Is money the only driver here?
I just think it's beyond stupid to say "This bug was found, therefore the software's development methodology ensures we never find bugs!" or some such twaddle.
I agree, but nobody said or inferred that, just that even if you do have "many eyes" (and the vast majority of projects do not) and even if you assume they are the right ones looking in the right place at the right time you will likely find at least some bugs at some point in time. So the point is it's hardly a reliable and practical advantage, more of a shot in the dark. In theory it's a great idea but you so rarely have it actually work, in this case - and really given the profile of the project this is an absolute best-case scenario - it didn't work effectively enough to stop this from being extremely widely distributed.
Now that makes sense! Job satisfaction isn't all about how much money you make (well for some people it is I suppose) so funding that rather than this "highest paid teachers" idea makes a lot more sense.
How much would you want to be paid to have a teachers job?
That's just throwing the question back because you can't answer it. The suggestion was that the answer is to increase teacher salaries so naturally I'm asking how much they need to be at for the education system to be fixed.
Tens of thousands in student loans to get a masters degree, 50+ hour work weeks, playing babysitter/parent/disciplinarian/counselor/doctor for a bunch of kids before even starting the teaching part, putting up with shitty parents and administrators, spend your summers continuing your education, and finally be judged on student performance when the #1 correlation for that is what kind of home the student goes home to at the end of the day.
Yes all jobs have shitty aspects to them, some more than others so obviously those that don't make up for it in some way (and no, not everybody's job satisfaction is rooted in their salary) will have fewer people willing to work in them. Effectively what you're saying is the system is fine but it's the teachers that are the problem and need to be replaced so increasing the salary will bring competent teachers to replace existing ones.
Not one of you snobby snots would take a teaching job for less than six figures.
you're splitting pennies for one of the essential functions of human existence: teachers to our young...
however we just pass MILLIONS$$$ and BILLIONS$$$ around when discussing business executive pay or defense contracts
Nobody is "splitting pennies", you think they should be paid more so he's asking how much they should be paid, very simple. And you can stop crying poor in comparison to defense spending, the US spends more on Education annually than it does on defense, in excess of $1 trillion in fact.
As a former teacher, the problem is that people want to spend money on ***EVERYTHING*** other than what will help educate children: public schools with the highest-paid, best trained teachers in the world
And exactly how much do teacher salaries have to be in order for them to properly educate children? I constantly see this crap bandied about that the only way to solve the issue of education is to throw money at the problem and pay teachers more...oddly enough this comes from teachers or former teachers or spouses of teachers. Throwing money at the problem is not the solution!
Because despite so many people looking over it it was deployed and left 60%+ of the internet vulnerable to it. Do you really take that as a shining practical example of "the system works"?
That only applied while they were busy working out the details for the embrace, extend and extinguish strategy they will use towards competing mobile operating systems
And how exactly would that work? Or is this just a case of "Microsoft is doing something therefore it must be Embrace Extend Extinguish"?
I don't understand how else it could be shocking to find a bug in a piece of software unless it didn't contain any bugs.
It's not just a bug, it's this bug. Clearly a bug this severe is a much more shocking revelation than say an issue with toolbar location persistence in libre office.
It's not as if "severe" bugs are easier to find. Why does it damage the many eyes claim? It had many eyes on it, and it eventually got found by a few of those many eyes. Nothing is *the* answer. Open source is one of many ways to *improve* the quality of code.
And it has dubious value given that this bug was committed, reviewed and accepted then extremely widely circulated despite many eyes being on it. It's not about having heaps of people look at it, it's about having a few people with the right knowledge and understanding of the system looking at it.
I think it quite clearly does improve the quality.
So what's the argument? That you have many eyes on it so this is less likely to happen than...what? Closed source software? Lower profile Open Source software? This is why it has dubious value, yes you might happen to fluke it but you're just as likely to have many eyes that completely miss it. Touting it as an advantage (even if it is in some circumstances) does it a disservice because you end up with people trusting that "it's open source so many other people are looking at it" and then you get a situation like this where it is used in literally billions of situations and the critical flaw was missed just like can happen in closed source projects. The advantage is the ability to find and fix issues yourself, not that many other people may or may not be doing it for you.
but given an arbitrary acceptable error, there are usually acceptable sample numbers and sampling strategies.
Well you need people that can fully understand a particular complex system to find the tough bugs, and you need a lot of them dedicated to it. I would say there is rarely ever enough, except maybe on the Linux kernel where the critical error rate is pretty low (though they do happen). Demonstrated by the key advantage of free/open source software being that it is easier/quicker to fix bugs in it, not that is necessarily more bug-free than proprietary software in general.
Right so just having lots of people looking over it won't necessarily accomplish anything, in fact you probably need an unrealistically large amount of people with the ability to understand the system looking over it for that to be of benefit.
I am not aware of any claims made by anyone remotely reputable that open source software doesn't contain bugs.
I didn't say anyone did, in fact such a thing is demonstrably false so I'm not quite sure what you say that.
Even if the claim is that open source software contains fewer bugs, finding one bug does not disprove that sort of claim.
No but when a bug this severe is discovered in something so widely deployed it certainly does damage the "many eyes" claim, it has about as many eyes on it as any open source program is likely to get so clearly that isn't the answer. Having "many eyes" doesn't necessarily diminish the quality, but obviously it doesn't necessarily improve it either so saying it's better because it has "many eyes" looking over it is disingenuous at best.
Slashdot Mirror
Strictly speaking, you forgot that it's $99 per year
Yes that's true.
and you forgot the cost of the mac you need to build the app.
I already had one.
You can build an android app on nearly any platform.
So of course you need to have a PC of some sort, if you want to run arbitrary code and you already have a PC but it isn't a Mac and you don't want to buy a Mac and don't know somebody that could build the binary for you on their Mac then obviously buy an Android device, the options are all there. I'm not advocating for one over the other but clearly if the cost is too much for you then by all means go for Android.
If all you want to do is tinker with android, the cost is zero - the one-time fee only applies when you want to publish the app.
This is all nice in theory but if it were actually a legitimate issue then I would think we should see a LOT of innovation on Android relative to iOS simply because of the supposed hurdles to develop for iOS. Assuming this cost is such a significant barrier to entry we should be seeing some negative effect, where is it?
I often see this barrier to entry issue paraded as a disadvantage of iOS so it should be seen as an advantage to Android but are the benefits actually anything more than theoretical?
Android will refuse to run unsigned apps - they MUST have a signature, though there is no certificate authority they have to go through.
Right well "signed by anybody" isn't that much different from a code safety perspective than unsigned code, you still have to trust who it is signed by and while they might not be able to modify existing apps we can see that from the malware examples on Android (even though I don't believe that many are particularly widely circulated) that this doesn't make much of a difference in terms of their ability to be malicious.
But, apps with differing signatures can't interfere with one another.
The protections in modern Windows and OS X offer the same thing unless you start running things as administrator, and if you have root access on any system you get pretty much free reign to do whatever you want anyway.
Wrong again; Apple already has made a major slipup.
The one you refer to was a research project, it's hardly a "major slipup" (I'm sure platform fanboys would like it portrayed that way but I don't have a religious devotion to any technology platform), in fact it had exactly zero impact on anybody, period.
And of course, that is only what's known. Apple users assume that everything they do is 100% secure once vetted by Apple, but they couldn't be more wrong.
No i don't think that's true at all, I guess I'm an Apple user (amongst Windows, Android and Gentoo) and I pointed out that whilst they are very good they are not perfect, which is the same as Google with the Play Store.
Generally if you live in a first world country, malware on Android isn't a problem in the slightest.
Obviously if you restrict yourself to the Google Play store it is very much the same thing as using an iOS device which is restricted to the Apple App Store. But that negates the biggest advantage of Android.
Neither is inherently more secure, it comes down to flexibility and if you provide the freedom to do whatever the user wants and they take it then - just like on desktop systems - the user needs to take on additional responsibility, which they usually aren't capable of or willing to do. You will only get more safety for the userbase if they take on that responsibility and act on it or you restrict them. The nice thing is we - as users - have the choice :)
Nope, hence why I imagine.
That's why I thought the assertion in this question: But since it's roughly 50/50 in the USA why aren't the attacks in the USA also not 50/50? was pretty disingenuous.
But the question remains, if install base in the USA is roughly 50/50, why are 99% of the mobile threats Android only.
Well the way I see it there are a number of contributing factors, Android has a much higher marketshare globally (restricting it to the US is silly because malware writers don't restrict their software geographically) so it is a larger target and it also allows installation of applications outside of Google Play. Apple disallows that and seems to do a pretty good job of curating their app store, getting malware past an app store curator is a hurdle that doesn't exist on Android hence iOS has less malware targeted at it. So it's simple: path of least effort combined with largest userbase.
Android devices do get regular updates direct from Google via Play, including security fixes.
But are those updates limited to Google Play Services or can they patch kernel and driver vulnerabilities or say the bluetooth, input or usb packages for example?
I can imagine that credit card details of someone living in the USA is more useful than say someone living in Mexico (which I actually do).
Of course but I doubt they would go to the effort of limiting malware to the USA to exclude Mexico just because those card numbers may not be as valuable. Do you have evidence of them doing this?
But since it's roughly 50/50 in the USA why aren't the attacks in the USA also not 50/50?
Maybe they are. I can't say I have seen any such statistics and I certainly can't understand why malware writers in general would target only a specific geographic area or even how they would limit it to that area.
I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.
Personally I'm not that fussed about it, I can either jailbreak my device or shell out $99 (which includes the ability to publish and share my software with others) if I really want to do that. Either way it's no big deal.
Malware for Android is no different from malware for Windows or for OS X, the bulk of it is due to being able to run any code you want (where unless you wrote it you probably don't know what it does) and most people will just click through warnings about unsigned code, virtually none will ever vet any code ever. If you take the precautions to only run binaries from reputable sources or to compile from source yourself (nobody does that outside of a few geeks) from a reputable repo then you should be ok...but then again the heartbleed bug shows that isn't the case all the time either.
The flip side of that is that on iOS you place all your trust in Apple to make sure that they vet code properly, by and large they do a pretty good job of that but that isn't to say they couldn't have a major slipup (in the style of goto-fail) in the future. With the freedom to run any code comes the responsibility to vet that code (whether that is the source - as in where it came from - of the binary or the sourcecode itself) and most users are not up to that challenge or just cannot be bothered and so malware persists.
If Android tablet sales are so far ahead, why are Android tablet use figures so far behind?
You shouldn't blindly rely on statistics just because they are on the internet, these guys have a pretty spotty record and they provide no methodology nor do they seem to be very consistent or believable in terms of their statistics:
For example, last May Chitika breathlessly reported that OS X usage was up 2.58% month over month (from 11.44% to 14.02%), while Windows usage was down 2.99%. There was no reason for the dramatic shift; it just happened. But one month later Windows usage increased dramatically while Mac usage was down significantly. Meanwhile, in the month of July, Chitika reported that half of all Linux users abruptly stopped using their preferred operating system, with Linux share dropping from 2.05% to 1.12%.
http://www.zdnet.com/why-you-should-be-skeptical-of-chitikas-market-share-reports-7000009363/
It's all well and good to post a link to a pretty picture that supports your argument but there needs to be something to back that up.
You say the existing teachers deserve it (I'm not disputing that, though I think 600,000-800,000 is a bit hefty) but why would they do any better job just because you pay them more? Do you do your job to a capacity determined by your salary? Do you do a better job if you get a payrise? Or do you just do a crappy job until somebody gives you more money?
Increasing salaries will only work to attract talent if existing teachers are all just doing a shitty job, but reducing class sizes and workload increases the appeal of the job and increases job satisfaction so funding more positions rather than fewer positions more highly is obviously the preferable route. If we could give everybody an order of magnitude pay rise that would be nice but you know that's idiocy, nurses, paramedics, taxi drivers, garbage men, etc... have to deal with a lot of shit and aren't very highly paid at all. But I guess you have an interest in teachers having higher pay and don't care about anybody else or where that money should come from.
Raising salaries won't do anything because the teachers are not the problem, the workload and class sizes are the problem.
i already addressed this...
you pay teachers more for the same reason you pay NBA players or Goldman-Sachs VP's...you fsking moron...this is the end of this conversation...I've proven you wrong
Bullshit, you demonstrate your utter ignorance by suggesting the only way to get better people is to increase wages, this is patently false you braindead imbecile, obviously you have no experience in the realworld so your suggestion that this conversation is over and that you fuck off is a pretty good idea. Improving wages will not necessarily result in getting better teachers just as corporate VPs with larger salaries aren't necessarily any better than those with lower salaries, but of course you think the higher paid somebody is the better they are at their job.
Improving working conditions and reducing work load so that teachers are not so over-worked will have an impact, not increasing wages, overworked teachers with higher salaries is not going to improve the education system one bit, but obviously you think everything is driven by the dollar and simply giving more money will result in a better system.
That's you projecting because your stance is unjustifiable.
Wrong, I'm not projecting anything and I don't know what you think my "stance" is.
This isn't hard: attracting top talent requires good pay, same as any other profession
So the problem is the teachers, not the system.
and students perform better with smaller class sizes and more teacher-hours per pupil, instead of more pupils per teacher. Which requires....wait for it...more money than skinflint social darwinists have been willing to spend.
Yeah it's totally not like they spend over a trillion dollars on education per year...but you just blame the teachers while demanding they be given more money rather than considering that perhaps there is a lot of mismanagement going on.
Yes and again, you wouldn't touch this shitty job unless it paid six figures.
Wrong, unlike you I'm not totally driven by money. But obviously that's what you are totally consumed by which is why the only way you can come up with to fix things is to give more money to the teachers which you have already suggested are the problem anyway.
the answer is (still) in the subject line:
"order of magnitude more"
And how exactly will that help? Is it that all existing teachers are just bad at their job and need to be replaced with competent ones? Is money the only driver here?
I just think it's beyond stupid to say "This bug was found, therefore the software's development methodology ensures we never find bugs!" or some such twaddle.
I agree, but nobody said or inferred that, just that even if you do have "many eyes" (and the vast majority of projects do not) and even if you assume they are the right ones looking in the right place at the right time you will likely find at least some bugs at some point in time. So the point is it's hardly a reliable and practical advantage, more of a shot in the dark. In theory it's a great idea but you so rarely have it actually work, in this case - and really given the profile of the project this is an absolute best-case scenario - it didn't work effectively enough to stop this from being extremely widely distributed.
Now that makes sense! Job satisfaction isn't all about how much money you make (well for some people it is I suppose) so funding that rather than this "highest paid teachers" idea makes a lot more sense.
How much would you want to be paid to have a teachers job?
That's just throwing the question back because you can't answer it. The suggestion was that the answer is to increase teacher salaries so naturally I'm asking how much they need to be at for the education system to be fixed.
Tens of thousands in student loans to get a masters degree, 50+ hour work weeks, playing babysitter/parent/disciplinarian/counselor/doctor for a bunch of kids before even starting the teaching part, putting up with shitty parents and administrators, spend your summers continuing your education, and finally be judged on student performance when the #1 correlation for that is what kind of home the student goes home to at the end of the day.
Yes all jobs have shitty aspects to them, some more than others so obviously those that don't make up for it in some way (and no, not everybody's job satisfaction is rooted in their salary) will have fewer people willing to work in them. Effectively what you're saying is the system is fine but it's the teachers that are the problem and need to be replaced so increasing the salary will bring competent teachers to replace existing ones.
Not one of you snobby snots would take a teaching job for less than six figures.
Not one of who?
you're splitting pennies for one of the essential functions of human existence: teachers to our young...
however we just pass MILLIONS$$$ and BILLIONS$$$ around when discussing business executive pay or defense contracts
Nobody is "splitting pennies", you think they should be paid more so he's asking how much they should be paid, very simple. And you can stop crying poor in comparison to defense spending, the US spends more on Education annually than it does on defense, in excess of $1 trillion in fact.
As a former teacher, the problem is that people want to spend money on ***EVERYTHING*** other than what will help educate children: public schools with the highest-paid, best trained teachers in the world
And exactly how much do teacher salaries have to be in order for them to properly educate children? I constantly see this crap bandied about that the only way to solve the issue of education is to throw money at the problem and pay teachers more...oddly enough this comes from teachers or former teachers or spouses of teachers. Throwing money at the problem is not the solution!
What? That sort of unsubstantiated crap is a poor attempt at an endorsement of any methodology.
Because despite so many people looking over it it was deployed and left 60%+ of the internet vulnerable to it. Do you really take that as a shining practical example of "the system works"?
That only applied while they were busy working out the details for the embrace, extend and extinguish strategy they will use towards competing mobile operating systems
And how exactly would that work? Or is this just a case of "Microsoft is doing something therefore it must be Embrace Extend Extinguish"?
I don't understand how else it could be shocking to find a bug in a piece of software unless it didn't contain any bugs.
It's not just a bug, it's this bug. Clearly a bug this severe is a much more shocking revelation than say an issue with toolbar location persistence in libre office.
It's not as if "severe" bugs are easier to find. Why does it damage the many eyes claim? It had many eyes on it, and it eventually got found by a few of those many eyes. Nothing is *the* answer. Open source is one of many ways to *improve* the quality of code.
And it has dubious value given that this bug was committed, reviewed and accepted then extremely widely circulated despite many eyes being on it. It's not about having heaps of people look at it, it's about having a few people with the right knowledge and understanding of the system looking at it.
I think it quite clearly does improve the quality.
So what's the argument? That you have many eyes on it so this is less likely to happen than...what? Closed source software? Lower profile Open Source software? This is why it has dubious value, yes you might happen to fluke it but you're just as likely to have many eyes that completely miss it. Touting it as an advantage (even if it is in some circumstances) does it a disservice because you end up with people trusting that "it's open source so many other people are looking at it" and then you get a situation like this where it is used in literally billions of situations and the critical flaw was missed just like can happen in closed source projects. The advantage is the ability to find and fix issues yourself, not that many other people may or may not be doing it for you.
but given an arbitrary acceptable error, there are usually acceptable sample numbers and sampling strategies.
Well you need people that can fully understand a particular complex system to find the tough bugs, and you need a lot of them dedicated to it. I would say there is rarely ever enough, except maybe on the Linux kernel where the critical error rate is pretty low (though they do happen). Demonstrated by the key advantage of free/open source software being that it is easier/quicker to fix bugs in it, not that is necessarily more bug-free than proprietary software in general.
Right so just having lots of people looking over it won't necessarily accomplish anything, in fact you probably need an unrealistically large amount of people with the ability to understand the system looking over it for that to be of benefit.
I am not aware of any claims made by anyone remotely reputable that open source software doesn't contain bugs.
I didn't say anyone did, in fact such a thing is demonstrably false so I'm not quite sure what you say that.
Even if the claim is that open source software contains fewer bugs, finding one bug does not disprove that sort of claim.
No but when a bug this severe is discovered in something so widely deployed it certainly does damage the "many eyes" claim, it has about as many eyes on it as any open source program is likely to get so clearly that isn't the answer. Having "many eyes" doesn't necessarily diminish the quality, but obviously it doesn't necessarily improve it either so saying it's better because it has "many eyes" looking over it is disingenuous at best.